https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


Ultrasound

IoT Cybersecurity Requires More Than Scare Tactics

  • Written by Brian Buntz
  • 13th August 2018

At Black Hat USA, leaders of McAfee and Google stressed the importance of dialogue in addressing IoT cybersecurity.

LAS VEGAS — Christiaan Beek, McAfee’s lead scientist and senior principal engineer, was in the hospital with his expectant wife when he inadvertently learned about a troubling IoT cybersecurity vulnerability. When the ultrasound technician measured the size of their youngest child, Beek glanced at the screen and saw the message “saving data to image” flash across the screen. “You would expect the data to be written to a file,” Beek said in an interview here at Black Hat USA. “That’s what sparked my interest.”

Beek then dove into medical imaging security and found significant vulnerabilities involving poorly implemented open-source picture archiving and communication system (PACS) software as well as the use of “We found so many vulnerabilities. It was unbelievable,” Beek said. “I was shocked by it.”

Christiaan Beek

In his research, Beek found strings of clinics whose medical images directly connected to the internet. Beek shuddered to think that a cybercriminal could have seen an image of his youngest child before the baby was born. “Especially as a researcher, a discovery like that freaks me out,” he said.

Beek now has a central goal of researching the security of connected medical devices, vehicles, airplanes and industrial control systems. He wants to start a dialogue with the industry around the vulnerabiliities of connected devices and systems – not scare people. “It can be great to live in this interconnected world, but it’s easy to increase our attack surface — in our homes, cities as well as our nations — without knowing it,” he said.

To address the IoT cybersecurity problem as an industry requires a holistic strategy and a long-term view. “You know how we go and get a flu vaccine each year? Wouldn’t it be great if we had a super-vaccine that will protect us for life against the flu?” Beek asked. “Translated into the world of malware, would it be possible to develop the equivalent of a vaccine for certain threats?”

In a keynote at Black Hat, Parisa Tabriz, at Google, shared similar conclusions. Many cybersecurity defense strategies have a narrow focus or fail to learn from the past. “It’s incredibly frustrating when I see a report of a security vulnerability that I know is previously fixed or is some trivial variant of a bug we know about,” she said. “As things get more and more connected, we have to stop playing [cybersecurity] Whac-a-Mole.”

Parisa Tabriz

Part of the reason for this seemingly eternal recurrence in cybersecurity rests on the fact that many manufacturers fail to follow basic cybersecurity lessons, according to Beek. “With all due respect, it is easy to ship an IoT device without default passwords or leaving telnet enabled,” Beek said.

In the medical field, vendors have long prioritized ensuring that critical medical devices are rugged and capable of working without interruption. “If the battery on a medical device runs out, it can be exchanged very quickly,” Beek said. “But using encryption on the disk of a machine holding medical data,” for instance, is likely not a high priority. “Sometimes the attitude of [medical device companies] is: ‘Cybersecurity is too difficult. It’s too much of a hassle to fix.’”

As the world hurtles toward a future with tens of billions of IoT devices, where, as Tabriz said, “computer security is becoming security of the world,” approaching computer security and IoT cybersecurity as a community endeavor with high standards becomes critical. “We have to identify and tackle the root cause of the problems we uncover and not just be satisfied with isolated fixes,” Tabriz said. “We have to build a coalition of champions and supporters outside of security, so that [our long-term cybersecurity] efforts are successful.”

 

Tags: Security Features

Related


  • Image shows a digital background depicting innovative technologies in security systems,
    Securing IoT Devices With Zero Trust Requires Mindset Shift
    Zero-trust approaches require a shift in mindset to ensure IoT devices have rigorous security policies applied — and the work is never done, say IT pros.
  • An Integrated Approach to IoT Security
    This e-book provides a comprehensive framework to help organizations reduce risk in IoT products and environments.
  • Securing IoT at the Edge Is Key to Safe IoT Operations
    With unsecured IoT devices at the edge, IoT environments are vulnerable to malicious threats that disrupt operations.
  • Building a Foundation for AI in Cybersecurity
    Making effective use of AI in cybersecurity demands a careful approach.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Developing a Critical Infrastructure Cybersecurity Strategy
  • Addressing IoT Security Challenges From the Cloud to the Edge 
  • Why IoT Certification Could Boost Your Career
  • Cybersecurity Crisis Management During the Coronavirus Pandemic

News

View all

Private LTE Market Projected to Grow to $13 Billion

12th January 2021

IoT World Announces 2021 IoT World Advisory Board

9th December 2020

White Papers

View all

Smart and Flexible Automotive and Tire Production

20th December 2020

Unlock the Potential of Digital Transformation in Oil & Gas

15th December 2020

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

From Insights to Action: Best Practices for Implementing Connected Device Security

15th December 2020

Real Cyber Threats and Best Practices Cyber Security Strategy and Solutions for Smart Manufacturing

1st December 2020

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

IoT at the Edge

17th March 2021

Embedded IoT World 2021

28th April 2021 - 29th April 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

The DOD turned to #kubernetes #containers for #IoTdevelopment to brace for rapid change. dlvr.it/RqzsLz https://t.co/t8W7coEdZN

20th January 2021
IoTWorldToday, IoTWorldSeries

Food for thought: Food and Beverage Industry eBook @ROKAutomation dlvr.it/Rqz00T https://t.co/Z3y18vuozF

20th January 2021
IoTWorldToday, IoTWorldSeries

Facility of the Future dlvr.it/Rqyzvm https://t.co/ytpsOUTtGP

20th January 2021
IoTWorldToday, IoTWorldSeries

A new day in automotive production #digitalmanufacturingsolutions @ROKAutomation dlvr.it/RqyrNS https://t.co/yxPFrBZGVg

20th January 2021
IoTWorldToday, IoTWorldSeries

Unlock the potential of digital transformation in Oil & Gas @ROKAutomation dlvr.it/RqyrBV https://t.co/kzHcGjf2OK

20th January 2021
IoTWorldToday, IoTWorldSeries

.@Airbus’s #datdriven #digitaltransformation focused on getting its existing data in order rather than just gatheri… twitter.com/i/web/status/1…

19th January 2021
IoTWorldToday, IoTWorldSeries

#EdgeNLP enables devices to do much more #NLP locally that better approximates human conversation.… twitter.com/i/web/status/1…

19th January 2021
IoTWorldToday, IoTWorldSeries

#Supplychain analytics, #digitaltwins and other tools are key to predicting COVID-19-style disruption in the supply… twitter.com/i/web/status/1…

18th January 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X